A group signature scheme is a scheme that allows the members of a group to sign anonymously. Because it can be applied to electronic voting, anonymous delegation and ID escrow, it has high practical value in industry.
A conventional system for a group signature scheme includes an issuing device, a user device and a verifying device, connected so that they can communicate with each other. When a user device accesses the authority called the issuing device and executes the procedure called joining means, the issuing device executes the procedure called an issuing procedure, which enables the user device to become a member of the group. As a member of the group, the user device can create a signature statement. The verifying device can verify the validity of the signature statement but cannot identify the device that created it. Only the authority called a disclosing device can identify the device that created the signature statement.
In addition to the above configuration, there is a scheme that has a revocation function. A group signature scheme with a revocation function requires an authority called a revocation manager. When a user device becomes a member of the group, it also accesses the revocation manager to execute registration means. When the user device leaves the group, the revocation manager executes revocation means to remove the user device from the group.
When some user devices have left the group, the remaining user devices update the public/secret key pairs they hold by executing key updating means. One group signature scheme with a revocation function is proposed in “Jan Camenisch, Jens Groth. Group Signatures: Better Efficiency and New Theoretical Aspects. SCN 2004, vol. 3352 of LNCS, pp. 120-133, 2004” (referred to hereinbelow as document 1).
Another group signature scheme is proposed in “G. Ateniese, J. Camenisch, M. Joye, and G. Tsudik. A Practical and Provably Secure Coalition-Resistant Group Signature Scheme. In Advances in Cryptology—CRYPTO 2000, vol. 1880 of LNCS, pp. 255-270, Springer-Verlag, 2000.”